Publications
Stocktaking on technologies
This report presents the results of a survey conducted among a number of service providers in the EU on the state of the art of deployment of three technologies (MPLS, IPv6 and DNSSEC) and their impact on improved network resilience. The report also addresses open issues identified by the representatives of the service providers interviewed.
Resilience features of technologies
In this study an overview of the characteristics of the selected technologies is given, their features that enhance the resilience of public eCommunication networks are analysed, and other properties that one has to be aware of in order to make a decision about their deployment are outlined. Furthermore, a number of deployment scenarios for the technologies are presented.
Gaps in standardisation related to resilience of communication networks
The study provides five recommendations for future standardisation activities. In addition, the report identifies a number of detailed areas where the SDOs are expected to work in order to facilitate greater assurance of resilience in networks.
Priorities for Research on Current and Emerging Network Trends
This study was carried out under the umbrella of ENISA by a group of experts in the relevant areas who are experienced in running security-related research projects, in developing and implementing new networking technologies and in creating policies. A number of areas, comprising one or more technologies and policies that are currently in use or where there are plans to introduce them within a few years, were identified as having an impact on the resilience of networks. Some of these areas are already well established, described and standardised, some are in the very early stages of development and, finally, some will only come into broad use over a very long time frame (more than five years). Five areas have been assessed as presenting the biggest need for research within a window of three to five years: cloud computing, real-time detection and diagnosis systems, future wireless networks, sensor networks, and supply chain integrity. These areas are analysed and described in detail in the core of this report.
Data breach notifications in the EU
The European data breach notification requirement for the electronic communication sector, introduced in the review of the ePrivacy Directive (2002/58/EC), is an important development with a potential to increase the level of data security in Europe and foster reassurance amongst citizens on how their personal data is being secured and protected by electronic communication sector operators. Against this background, ENISA reviewed the current situation in order to develop a consistent set of guidelines addressing the technical implementation measures and the procedures, as described by Article 4 of the reviewed Directive 2002/58/EC.
Enabling and managing end-to-end resilience
This document is structured in a manner that allows the reader to understand the definition of resilience and end-to-end resilience. The report identifies the contributors to end-to-end resilience and gives guidance on how to enable and manage end-to-end resilience. The primary scope of this report is public networks and services. End-to-end resilience is achieved from the planned combination of prevention, protection, response and recovery arrangements, whether technical, organisational or social.
Survey of accountability, trust, consent, tracking, security and privacy mechanisms in online environments
The study, using a survey, attempts to evaluate which mechanisms are currently deployed in available online services for accountability, consent, trust, security and privacy. While the findings of this survey cannot be easily extrapolated to all online services, some trends are prominent and it is safe to assume that these are valid for most organisations that operate online. Besides these trends, we mention here the lack of a single coherent view on how to best achieve user privacy in online environments. An increase in awareness of privacy and security concepts within organisations and industry sectors appears to be desirable, in order to maintain a high level of security and confidence on the part of users and society in the ICT infrastructure and services provided within the EU. A major area of concern was how the EU would create and maintain a ‘level regulatory playing field’, especially with non-EU based multinationals entering the EU market without proper (privacy) compliance and rapidly establishing a significant user base.
Privacy, Accountability and Trust – Challenges and Opportunities
In the study, we focus on some of the available technologies and research results addressing privacy and data protection and topics related to, or influencing privacy, such as consent, accountability, trust, tracking and profiling. The objective is to provide a comprehensive and realistic view of both limitations generated and possibilities provided by technologies in the case of personal data protection rights.
Mapping security services to authentication levels
This report reviews the authentication levels and their mapping to public electronic services in the eGovernment programme framework, which require an authentication of the user (security services). It gives a general overview of European efforts and particularly the activities of STORK (Secure idenTity acrOss boRders linKed) in relation to the levels and the mapping. Essential concepts in IT security are explained and the mappings are illustrated by everyday life examples.
Managing multiple identities
Nowadays each person has the opportunity of living multiple lives in parallel, in the real as well as in the virtual world. A trend observed over recent years, first in the research community but now also in commercial offerings, is the increase of interactions between these two worlds, making real-world information accessible to services on the Internet. An area of particular interest is the management of multiple identities, where “identity” is being considered in a broad sense. Issues related to this area include anonymity, pseudonymity, unlinkability and unobservability. The increasingly digital nature of relationships between people is central to dealing with those issues. It is not a question simply of hardware or software, but more importantly of enabling people to enjoy and benefit from their online experiences, while dealing with potential issues. The problems might include a lack of knowledge or training, difficult personal circumstances or simply irritation at the diversity and unpredictability of online privacy and identity mechanisms. It is therefore vital that we should have strong, reliable mechanisms, which can be easily understood and relied upon across the course of a lifetime. This paper introduces the key concepts of electronic identity and presents available methods of managing multiple identities.
Study on data collection and storage in the EU
Given the clear contrast between the importance of the privacy by design principle on the one hand, and the reality of lax data protection practices with many online service providers on the other hand, the aim of this study is to present an analysis of the relevant legal framework of European Member States on the principles of minimal disclosure and the minimum duration of the storage of personal data. The study is not intended to go too deep into the details of the legal complexities of the data protection legislation. It rather focuses on a limited number of relevant use cases and tries to find out how the aforementioned principles are expressed in concrete legal or regulatory provisions applicable to these cases, and how they are observed in practice.
Study on monetising privacy. An economic model for pricing personal information
Do some individuals value their privacy enough to pay a mark-up to an online service provider who protects their information better? How is this related to personalisation of services? This study analyses the monetisation of privacy. ‘Monetising privacy’ refers to a consumer’s decision of disclosure or non-disclosure of personal data in relation to a purchase transaction. The main goal of this report is to enable a better understanding of the interaction of personalisation, privacy concerns and competition between online service providers. Consumers benefit from personalisation of products on the one hand, but might be locked in to services on the other. Moreover, personalisation also bears a privacy risk, i.e. that data may be compromised once disclosed to a service provider. Privacy is a human right; thinking about the economics of privacy does not change this basic fact. The authors of this report consider an economic analysis of privacy as complementary to the legal analysis as it improves our understanding of human decision-making with respect to personal data.

